Recovering Labels from Local Updates in Federated Learning
Huancheng Chen, Haris Vikalo
TL;DR
This paper introduces RLU, a novel label recovery method for federated learning that accurately reconstructs data labels even under realistic conditions, enhancing gradient inversion attack effectiveness.
Contribution
RLU is a new label recovery scheme that works effectively in real-world federated learning scenarios with multiple local epochs, data heterogeneity, and various optimizers.
Findings
RLU achieves near-perfect label recovery on untrained models.
RLU outperforms existing methods across multiple datasets and scenarios.
Reconstructed images show improved quality in gradient inversion attacks.
Abstract
Gradient inversion (GI) attacks present a threat to the privacy of clients in federated learning (FL) by aiming to enable reconstruction of the clients' data from communicated model updates. A number of such techniques attempts to accelerate data recovery by first reconstructing labels of the samples used in local training. However, existing label extraction methods make strong assumptions that typically do not hold in realistic FL settings. In this paper we present a novel label recovery scheme, Recovering Labels from Local Updates (RLU), which provides near-perfect accuracy when attacking untrained (most vulnerable) models. More significantly, RLU achieves high performance even in realistic real-world settings where the clients in an FL system run multiple local epochs, train on heterogeneous data, and deploy various optimizers to minimize different objective functions. Specifically,…
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
Taxonomy
TopicsPrivacy-Preserving Technologies in Data · Machine Learning and Data Classification